Search ranking change should be good news for domain name registrars.
Google announced this morning that it’s starting to give extra credit in search results to companies offering websites secured by SSL.
That means sites where you see httpS:// might show up higher in search results than those without added encryption.
Google explains the added ranking factor in a post on its blog:
…over the past few months we’ve been running tests taking into account whether sites use secure, encrypted connections as a signal in our search ranking algorithms. We’ve seen positive results, so we’re starting to use HTTPS as a ranking signal. For now it’s only a very lightweight signal — affecting fewer than 1% of global queries, and carrying less weight than other signals such as high-quality content — while we give webmasters time to switch to HTTPS. But over time, we may decide to strengthen it, because we’d like to encourage all website owners to switch from HTTP to HTTPS to keep everyone safe on the web.
This could be a boon to both domain name registrars and certificate sellers should the ranking boost be considered meaningful. SSL certificates sell for a lot more per year than domain names. Heck, they even cost more than many shared hosting packages. It’s an add-on domain name registrars will appreciate help selling.
Very interesting. I think it’s a bit naive to think any given site would be safer, just because it uses https. A phishing or malware site could be just as dangerous with SSL, and when a visitor looks at the URL they will still see some fictional sound-alike company name.
If a site is a news, blog or content site, and it does not have any credit card transactions, there is zero gain in safety. A huge percentage of all web sites fall into this category.
Besides the cost, SSL has a slight performance impact, so whenever I built a site that needed SSL, I only used it on things like logins.
I wonder what Google plans to charge for SSL. This could give them an unfair advantage.
I do find the performance trade off with SSL (at least how it has been explained to me) interesting. Doesn’t Google also penalize slow loading sites? I suppose that really only affects very slow loading sites.
I’m guessing that as server and bandwidth speeds increase, the impact diminishes, but you can’t ignore the fact that it is definitely faster without SSL.
When a site is just serving content, most sites wouldn’t even consider SSL.
With hundreds of domains, it’s simply not worth the expense, however I did find out that some companies now offer a Multiple Domain (UCC) certificate that allows up to 99 domains on one certificate. The downside of this is that the certificate name will not be unique for each domain.
Using https only “on things like logins” is how exploits like Firesheep (http://en.wikipedia.org/wiki/Session_hijacking#Firesheep) and its successors are able to work.
Using https everywhere is being promoted as a way to make it harder for intelligence agencies to monitor everyone’s communications. The EFF and similar groups have been pushing wider adoption of https since at least 2010.
I suspect this is an instance of Google management figuring out “we can help push to make the internet more secure, AND make more money!”
“Using https only “on things like logins” is how exploits like Firesheep (http://en.wikipedia.org/wiki/Session_hijacking#Firesheep) and its successors are able to work.”
Exploits like Firesheep are no threat to sites that don’t have logins or anything in the session to exploit. Case in point, that Wikipedia page is not using https, and unless you are editing a Wiki (which does use an https login), people reading a content only page like a Wikipedia page are not at risk.
My point is that a huge percentage of web traffic is essentially read-only content. For every visitor to a content site like a blog, there are hundreds or thousands who never log in, or post content.
I realize things are changing. In the early days, the only time https was used was when submitting something from a form. Now that sites often interact in real time using JavaScript the way you interact with a site is completely different. That’s why sites with a lot of interaction like Twitter and Facebook use it on every page.
I think it’s still too expensive for most content sites to buy SSL certificates simply to get a possible edge against competing sites in search results. If you think of it, assuming all your competitors are just content sites, odds are they won’t use https either, so it’ll be a level playing field.
E-Commerce sites already use it, but for everyone else, either the prices have to go down drastically or we won’t see mass adoption.
SSL Certificate sales just went through the roof.
You don’t secure an entire website with https as it interferes with indexing a website/images (or at least it used to unless things have changed), confidential information fair enough, public not so much
If Google says they’re using https as a ranking signal, doesn’t that imply that they must have already indexed the urls they’re working on ranking?
I think you’re confusing use of https with logins and paywalls (probably because the latter generally make use of the former).
Google definitely is trying to get sites to use https for every page, and they are indexing every page, unless you specifically block https crawls.
In spite of the performance hit, every page on some of the biggest sites such as Twitter, Facebook and YouTube use https, not just pages where you log in. This is because those kinds of sites integrate real-time content posting and commenting so often that they want to insure the cookies and other handshaking are secure.
I still disagree with the idea of bogging down simple content sites with the overhead, but I guess in the long run as servers and browsers get faster, the overhead won’t matter as much…. but then there’s the expense. Unless there is a drastic price drop (free), I have no plan to migrate most of my sites.